esri arcgis vulnerabilities and exploits
5.4
CVSSv3
CVE-2019-16193
In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to trigger a Cross Frame Scripting (XFS) attack through the EDIT MY PROFILE feature.
Esri Arcgis Enterprise 10.6.1
4.8
CVSSv3
CVE-2023-25835
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 – 11.1 that may allow a remote, authenticated malicious user to create a crafted link that is stored in the site configuration which when clicked could potential...
Esri Portal For Arcgis
7.5
CVSSv3
CVE-2022-38184
There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 and below which could allow a remote, unauthenticated malicious user to access an API that may induce Esri Portal for ArcGIS to read arbitrary URLs.
Esri Portal For Arcgis
7.5
CVSSv3
CVE-2022-38187
Prior to version 10.9.0, the sharing/rest/content/features/analyze endpoint is always accessible to anonymous users, which could allow an unauthenticated malicious user to induce Esri Portal for ArcGIS to read arbitrary URLs.
Esri Portal For Arcgis
6.1
CVSSv3
CVE-2022-38188
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser.
Esri Portal For Arcgis
5.4
CVSSv3
CVE-2022-38189
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated malicious user to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser...
Esri Portal For Arcgis -
6.1
CVSSv3
CVE-2022-38190
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS configurable apps may allow a remote, unauthenticated malicious user to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the ...
Esri Portal For Arcgis
6.1
CVSSv3
CVE-2022-38208
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11 and below that may allow a remote, unauthenticated malicious user to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
Esri Portal For Arcgis
6.1
CVSSv3
CVE-2022-38209
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated malicious user to create a crafted link which when clicked could execute arbitrary JavaScript code in the victim’s browser.
Esri Portal For Arcgis
6.1
CVSSv3
CVE-2022-38210
There is a reflected HTML injection vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below that may allow a remote, unauthenticated malicious user to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser.
Esri Portal For Arcgis